Skip to content
Latchkey

Buildkite "Error uploading artifacts" in CI

When you use your own artifact store (for example an S3 bucket), the agent uploads matched files there. If the store rejects the write, the agent reports "Error uploading artifacts" and the step fails.

What this error means

The upload step finds files but then fails with "Error uploading artifacts" and a store error such as AccessDenied or a bucket-not-found message.

buildkite-agent
Uploading "dist/app.tar.gz"
2026-06-30 12:00:01 FATAL Error uploading artifacts: AccessDenied: Access Denied
  status code: 403, request id: ...

Common causes

The agent lacks write access to the store

The IAM role or credentials the agent uses cannot PutObject into the configured artifact bucket, so the store returns 403.

The wrong bucket or path is configured

The BUILDKITE_ARTIFACT_UPLOAD_DESTINATION (or agent artifact config) points at a bucket that does not exist or a prefix the role cannot write.

How to fix it

Grant the agent write access to the bucket

  1. Confirm the artifact destination bucket and prefix.
  2. Attach an IAM policy allowing s3:PutObject on that bucket path to the agent role.
  3. Re-run the upload to confirm the store accepts it.
IAM policy
{
  "Effect": "Allow",
  "Action": ["s3:PutObject"],
  "Resource": "arn:aws:s3:::my-buildkite-artifacts/*"
}

Point at the correct destination

Set the artifact upload destination to a bucket that exists and that the agent role can write.

Terminal
export BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="s3://my-buildkite-artifacts/$BUILDKITE_PIPELINE_SLUG"

How to prevent it

  • Grant least-privilege PutObject on the artifact bucket to the agent role.
  • Verify the artifact destination bucket and prefix exist.
  • Keep artifact store credentials in the agent role, not the pipeline.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →